PT-2026-60778 · Google Cloud · Firebase Studio

CVE-2026-12715

·

Publicado

2026-07-17

·

Atualizado

2026-07-17

CVSS v4.0

8.5

Alta

VetorAV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Clear
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.
This vulnerability was patched on 15 April 2026, and no customer action is needed.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-12715

Produtos afetados

Firebase Studio